First American Bank is a family owned, full-service bank with over 50 locations in Illinois, Florida, and Wisconsin. Our mission is simple: to offer competitive banking products with the personal attention and service customers deserve. First American Bank can offer employees a level of visibility and stability that is difficult to find in many larger corporations. We are looking for people who want a career - not just a job!
The Chief Information Security Officer (CISO) is responsible for planning, creating, and maintaining the Bank's Information Security Program, and for promoting a security environment that ensures the confidentiality, integrity, and availability of information managed by the Bank. The CISO maintains ongoing risk assessments, leads the evaluation of mitigating controls, and coordinates the adoption of those that are risk-based and cost-effective. A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the organization by actively engaging with other members of management to oversee the Bank's information security risks. As a key contributor to the Bank's success, the CISO provides advice and counsel to assist in the development of products and services that are consistent with the regulations and industry standards governing information security. The CISO is also responsible for the implementation and maintenance of the Bank's cybersecurity incident response program.
Duties & Responsibilities
Implement and maintain an effective information security program, as directed by the Board of Directors, that supports corporate goals, a financially responsible risk tolerance, and regulatory guidance, to include:
1. In collaboration with management, review and maintenance of Information Security policies and related standards and procedures;
2. Monitoring programs to assure uniform adherence to policies, procedures, and standards;
3. Working with the management of all organizational units to develop and maintain information security risk assessments designed to identify and evaluate inherent risks, controls, and residual risks, consistent with the Bank's risk tolerance;
4. Managing the implementation of information security metrics and reporting processes and preparation of periodic reports to management and the Board of Directors or Board designated committee;
5. Managing and continually evaluating security controls, systems, and procedures to assess their effectiveness, and working with management to identify, develop, and execute plans that maintain adequate monitoring and address information security risks commensurate with the Bank's risk tolerance;
6. Developing, mentoring, and managing a high performing staff of information security professionals;
7. Providing advice and counsel to other organizational units during the project or product development life cycle to ensure that risks are identified and appropriate security controls are considered during vendor selection and process development or improvement efforts;
8. Developing, implementing, and assessing cybersecurity incident response plans;
9. Ensuring appropriate coordination among Business Continuity Programs, Disaster Recovery Plans, and Cybersecurity Incident Response Plans;
10. Providing advice and counsel to, and collaborating with, the Compliance Department to develop, implement, and maintain the Bank's Vendor Management Program, including participating in the review of service organization control reports and assisting the business units in evaluating the complementary user entity controls those reports identify;
11. Maintaining standards that ensure access to all information systems is controlled, both internally and externally, commensurate with the Bank's risk tolerance, monitoring the adoption of those standards, assessing ongoing risk, and reporting to management and the Board of Directors;
12. Educating stakeholders on cybersecurity-related matters to increase awareness and promote a culture focused on mitigating information security risks, and establishing standards that ensure all employees receive mandatory training in information security awareness and in information security policies, guidelines, and procedures;
13. Developing educational materials and presentations consistent with the goals and responsibilities of the Information Security Program;
14. Participating in preparation for regulatory examinations and serving as an active respondent to questions that arise during an examination;
15. Chairing the Executive Information Security Committee and coordinating its activities;
16. Participating in other committees and projects to ensure the consistent application of policies and standards across all technology projects, systems, products, and services;
17. Reporting directly to the Board or a Board-designated committee on matters concerning information security; and
18. Staying current with the changing threat landscape, technology trends, industry standards, applicable regulatory guidance, and best practices related to information security risk mitigation, and communicating those concepts in an appropriate business context to management and the Board.
Bachelor's degree in a computer- or technology-related field, business, or a related discipline.
Minimum of five years' information security or cybercrime-related experience required, preferably in a management and/or leadership role in the financial services sector.
Demonstrated understanding of current technology and regulatory trends affecting financial institution information security programs.
Strong understanding of risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data security.
Demonstrated project management skills including the ability to manage multiple complex priorities and competing agendas without express authority over delivery teams.
Knowledge of laws, cyber security standards, and compliance frameworks such as FFIEC, GLBA, ISO, NIST, COBIT, SOX, HIPAA, and PCI DSS, as well as emerging privacy laws.
Demonstrated sound judgment as well as strong decision-making, analytical, and critical thinking skills.
Possess the ability to respond to business needs with agility, a sense of urgency, and a commitment to high ethical standards, regulatory compliance, customer service and business integrity.
Must possess strong people skills to effectively interact with leaders at multiple levels and facilitate team interactions.
Ability to bring key stakeholders together to achieve consensus rapidly and collaboratively on priorities and to develop paths forward to work through tasks and projects.
Excellent written and verbal communication skills and the ability to create and present technical information to line-of-business leadership.
The incumbent must have strong familiarity with personal productivity tools, such as those available through Microsoft Office 365.
Professional certifications such as Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA) preferred.
Membership and participation in one or more professional groups, such as ISACA or ISSA, required upon employment (membership will be sponsored by Bank).
Regular local travel to various Bank branch and department locations is required, occasional non-local travel as needed.
Typical schedule would fall between the hours of 7:30 a.m. to 5:00 p.m. Monday through Friday.
Occasional weekends and after-hours as workload dictates.